Accepted mediawiki 1:1.31.16-1+deb10u6 (source) into oldoldstable
- To: debian-lts-changes@lists.debian.org, dispatch@tracker.debian.org
- Subject: Accepted mediawiki 1:1.31.16-1+deb10u6 (source) into oldoldstable
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Tue, 22 Aug 2023 22:20:17 +0000
- Debian: DAK
- Debian-architecture: source
- Debian-archive-action: accept
- Debian-changes: mediawiki_1.31.16-1+deb10u6_source.changes
- Debian-source: mediawiki
- Debian-suite: oldoldstable
- Debian-version: 1:1.31.16-1+deb10u6
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.seger; h=Date:Message-Id: Content-Transfer-Encoding:Content-Type:Subject:MIME-Version:To:Reply-To:From: Cc:Content-ID:Content-Description:In-Reply-To:References; bh=p+z1s+noYeajdLdRbOVUhTw2AA7gj/O//UPxQcw5pWc=; b=D6ahLxhvVUyNMuTCuksd2ztbk+ dY5Ers/IvlVH1e61KJy38xhDGF2WWdWPH9RJ+rqgp2win4F1YuEqfzWP2b3akFaeZEgO2IwuEtzfN NaniiroajCIFsOiV25qEICX8BGJIzzyz/yJFCSmFs28vWUiwO775ozMoVxqf4+ygewnLxX3+OIGpY VMJ1K5TLUY8Mir9LLOo1XBQ70Z0igcSTaRFvLLdLtP/ASAR4XyZYcqFWdYkdr5l8aBR1uN7+z0au6 1BGxL/XG/IkHNnjSjygnOAUSmJI9RRdrU+yWe4IqCiqq9yBySdRXDiisCzAC0AjH+p/5f9P/R8Brl sB4gbKxw==;
- Mail-followup-to: debian-lts@lists.debian.org
- Message-id: <E1qYZjV-00AgI0-Tz@seger.debian.org>
- Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 23 Aug 2023 00:02:23 CEST
Source: mediawiki
Architecture: source
Version: 1:1.31.16-1+deb10u6
Distribution: buster-security
Urgency: high
Maintainer: Kunal Mehta <legoktm@debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Checksums-Sha1:
15267d3e3c5b74ebedb92de2fc997e3497a139ac 2281 mediawiki_1.31.16-1+deb10u6.dsc
a079ebf437c8782922212a40ba3b798c4ade8580 117804 mediawiki_1.31.16-1+deb10u6.debian.tar.xz
ace421bb3c66c61521180e99f79bdacb22941e6e 6884 mediawiki_1.31.16-1+deb10u6_amd64.buildinfo
Checksums-Sha256:
88443bea56013bf928b5d0d4b8825a2ac6f14a402dd46143143ba7a239f2ed54 2281 mediawiki_1.31.16-1+deb10u6.dsc
f0ac74fadbf29a559fc2f483a998c54cfc6e515a27096dd1e0567afd8f0ba630 117804 mediawiki_1.31.16-1+deb10u6.debian.tar.xz
d33d3fa674a065103aecb31b5ecea006dc31d3615304ce66148d1bcd2176e1bf 6884 mediawiki_1.31.16-1+deb10u6_amd64.buildinfo
Changes:
mediawiki (1:1.31.16-1+deb10u6) buster-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2023-29141:
An auto-block can occur for an untrusted X-Forwarded-For header in
MediaWiki, a website engine for collaborative work. X-Forwarded-For is not
necessarily trustworthy and can specify multiple IP addresses in a single
header, all of which are checked for blocks. When a user is autoblocked,
the wiki will create an IP block behind-the-scenes for that user without
exposing the user's IP on-wiki. However, spoofing XFF would let an
attacker guess at the IPs of users who have active autoblocks, since the
block message includes the username of the original block target.
Files:
4cb97dfc5380d5d38fa11f435612de61 2281 web optional mediawiki_1.31.16-1+deb10u6.dsc
a55fceeb6e6f860d7bdd56974b74c99f 117804 web optional mediawiki_1.31.16-1+deb10u6.debian.tar.xz
49e3dcdc67560b07f1de113ff1fffae5 6884 web optional mediawiki_1.31.16-1+deb10u6_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAmTlMHNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkBzUQAKbSlTb8lPZ1F4GBESYbChhY9oMbxRNppRyB
2Y9EWVLep0uXcAjx84gihTLxhVIgNKFL4Pz+WgeeBuveEEd0ID7ZAUn7LyWrwcdv
qTlGrkx9LPtJbgd8Zbb8qedlPQo/yZG2LTs2H0WmRPHGC+BTHYHcIec+0HEhPGSW
o6nPLv4phNAIXwGm6zqCGmVV6WKrNMi3KeOxHOeiEEUwL+OZ/qMGX2GgKorsep8P
F97zKG2JPqyolhc6/HT133w0n/n2dn7czOiPYBwlD0olAA/rF2LpDEbex4UUQfLw
QsoHsDAXgimENuiE3+NoMpvS2ivbGinvUD/bPTEdRct9NMTjCnm24QN1YOZM94hk
czO9AiUNOdXtVpUw4WhL1EQFSHBdOOUnvpIArRXyty8T4VypzqQDJXWha9DsHS2x
+z+F6McowoQ5Z2CoIU/MyC949Bn5X33kmxEweBHYLnaecZenrSPVteM2bwTZkAEa
dUy5gJxrIAzd+SOIqfztcwAeNgv8jJVmzeiRR3iXlD37Wq/anKp24Fu9/Y98/Idr
d1Nfj4PDvnQiZXVjwn+WyL6Yn/21Vo7E+7ua9IeL8rI6RL4+804G/pJClNX4eMYg
p028w7XTvQH14g90moKfFHAxkjLbggOj9o7OaoRJrW4yzEQAw4El8FDpqT2sBohF
M6xLPRr9
=B8j+
-----END PGP SIGNATURE-----